[tor-bugs] #13795 [Tor Messenger]: Bundle SPI and jabber.ccc.de root certificates
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Dec 17 17:40:03 UTC 2014
#13795: Bundle SPI and jabber.ccc.de root certificates
-------------------------------+--------------------
Reporter: sukhbir | Owner:
Type: task | Status: closed
Priority: normal | Milestone:
Component: Tor Messenger | Version:
Resolution: fixed | Keywords:
Actual Points: | Parent ID: #10946
Points: |
-------------------------------+--------------------
Changes (by sukhbir):
* status: new => closed
* resolution: => fixed
Comment:
(Some more discussion on [https://lists.torproject.org/pipermail/tbb-
dev/2014-December/000185.html tbb-dev].)
Short version: We are bundling the SPI root cert and a cert_override.txt
for jabber.ccc.de.
Long version:
Since OFTC is a widely used IRC network, we want that users should be able
to connect to it without the certificate warnings. So we are bundling the
SPI root cert which signs the OFTC certificates. (This cert is also
shipped with Debian and is part of the ca-certificates package.)
The jabber.ccc.de cert is signed by CAcert and we did not want to ship the
CAcert root as part of Tor Messenger. Since jabber.ccc.de is also a widely
used Jabber service, we are shipping a [https://developer.mozilla.org/en-
US/docs/Cert_override.txt cert_override.txt] populated with the
jabber.ccc.de fingerprint. This file is copied to every profile that is
created and users will be able to connect to jabber.ccc.de without the
certificate warning and without us shipping the CAcert root.
(We can't ship a cert_override.txt for OFTC since there can be only one
entry per domain and if you connect to irc.oftc.net, you can be connected
to [http://searchirc.com/servers/ any] of their servers).
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/13795#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list